New DIY HTTP-based botnet tool spotted in the wild

What are cybercrime-facilitating programmers up to when they’re not busy fulfilling custom orders? Releasing DIY (do-it-yourself) user-friendly tools allowing anyone an easy entry into the world of cybercrime, and securing their revenue streams thanks to the active advertisements of these tools across closed cybercrime-friendly Web communities.
In this post, I’ll profile a recently advertised DIY HTTP-based botnet tool that allows virtually anyone to operate their own botnet.
More details:
[Screenshot: sample login page of the DIY HTTP-based botnet tool]
[Screenshot: sample statistics page]
As you can see in the attached screenshot, the botnet master has already managed to infect 232 hosts, 130 of which are based in Spain and are running Windows XP.
[Screenshot: sample commands list]
[Screenshot: sample commands list, part two]
The bot has a built-in pharming feature, a bit of an outdated approach for stealing accounting data compared to modern crimeware releases, but still highly effective on hosts where the user isn’t aware of how the process actually works.
[Screenshot: sample settings page]
Actual description of the DIY HTTP-based botnet tool:
Coded in Visual Basic Script 6.0
Connect:
* – Domain 4 connections
* – Mutex Anti double execution
* – Access Key Exe (Server with password)
* – Anti-analyzers (10-20 Pc locked, USA, ROMANIA, CHINA, GERMANY, ETC)
* – Description of the server for updates (Register exe version)
* – Melt function
* – Connection time 120 seconds (more than 1GB RAM VPS-10k)
Build options:
* – Download and run hidden mode
* – Upgrading Server (Need key exe) ‘download the new server.exe eliminating the current to be replaced by the new volk or some other botnet, the volk will be removed from windows start.
* – Remove Bot
Explorer options:
* – Navigate Website (Visible) ‘bots visit a url with the default explorer
* – Visit the website (Hidden) ‘bots visit a url in hidden mode
Banking Options:
* – Hosts Pharming (win32) ‘Bots are modified for visiting fake web ip / domain
WebPanel Options:
* – Command (Run Command) ‘is run by Bots, Shuffle, Country, Builder, Operating System or all bots
* – Setting User: Option to change password webpanel add user permissions, manager or just modding
* – BOTLIST: Displays the name of Bot, IP, COUNTRY, OPERATING SYSTEM.

